Hackers have grabbed the details of an estimated 500,000 credit cards in Australia after hacking into the poorly secured database of an unnamed business in what police have labelled a “disaster waiting to happen”.

The attacked could result in up to $25 million worth of fraudulent transactions, Detective Superintendent Brad Marden told SC Magazine, and it is believed that the perpetrators are part of a active Eastern European criminal syndicate. The group has previous and is said to be responsible for a 2011 attack on a Subway chain last year that affected 80,000 customers. This time the effects are considerably wider.

The group is said to have taken advantage of a basic security set-up that the retailer was using to hold its data. Marden explained that “the network was set up by some local suppliers who didn’t understand IT security.”

SC outlines exactly how the hackers got their hands on the customers’ information:

The syndicate captured credit card details using keyloggers installed within Point of Sale (POS) terminals and siphoned the data through an insecure open Microsoft’s Remote Desktop Protocol (RDP) connection.

Police say they are closing in on the gang in relation to its latest activity but, for now, Australian banks are on “high alert” in expectation that the card details will be sold off to third parties and other criminal elements.

The incident comes less than a month after Korea’s KT Telecom revealed that hackers had grabbed data from some 8.7 million customers. The operator revealed that the details were sold on to telemarketing firms during a five-month long campaign.